“A new worm is being distributed within malicious OpenOffice documents. The worm can infect Windows, Linux and Mac OS X systems,” according to a Symantec Security Response advisory. “Be cautious when handling OpenOffice files from unknown sources.”
Apple’s Mac OS is not a virus-free platform, said Jan Hruska, who co-founded antivirus firm Sophos.
“Viruses on the Mac are here and now. They are available, and they are moving around. It is not as though the Mac is in some miraculous way a virus-free environment,” Hruska said. “The number of viruses coming out for non-Mac platforms is higher. It gives a false impression that somehow, Apple Macs are all virus-free.”
Once opened, the OpenOffice file, called badbunny.odg, launches a macro that behaves in several different ways, depending on the user’s operating system.
On Windows systems, it drops a file called drop.bad, which is moved to the system.ini file in the user’s mIRC folder. It also executes the JavaScript virus badbunny.js, which replicates to other files in the folder. On Apple Mac systems, the worm drops one of two Ruby script viruses in files respectively called badbunny.rb and badbunnya.rb.